<?php
/*
 * Created on Sep 13, 2010
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */
 
include_once("../configure/configure.php");		//--> global var
include_once("../admin/tools/smarty/libs/Smarty.class.php");		//--> out template
include_once ("../admin/configure/admin.config.inc.php");			//-- admin var

include_once("impl/SessionImpl.php");				//--> Style utils
include_once("impl/UserImpl.php");
include_once ("impl/LoginLogImpl.php");							//-- logs

include_once("../includeSmarty.php");
include_once("../includeTag.php");
include_once("../includeCategories.php");

$userImpl		= new UserImpl(DB_TAG_SYSTEM);			//-- user
$sessionImpl	= new SessionImpl(DB_TAG_SYSTEM, COOKIE_NAME_USER);		//-- session
$loginLogImpl	= new LoginLogImpl(DB_TAG_SYSTEM);		//-- logs

/*----- check session -----*/
if($sessionImpl->isExisted()) {
	$location = './admin.php';
	header("Location: $location");
	
	exit;
}


$email		= $_GET['email'];
$password 	= $_GET['password'];


if(isset($_POST['email'])){
	$email 		= $_POST['email'];
	$password 	= $_POST['password'];

	$oUser = $userImpl->getByEmail($email);
	
	if(empty($email))
		$error_message = "Email is required.";	//-- login name was empty
	else if(empty($password))
		$error_message = "Password is required.";	//-- login password was empty
	else if($oUser == null)
		$error_message = $email." not existed.";
	else if($oUser->getStatus() != 'normal') {//-- check use status
		switch($oUser->getStatus()){
			case 'stop' :  $error_message = $email." be stoped.";	break;
			default  : 	$error_message = $email."  was invalid.";	break;
		}
	}else if($oUser->getPassword() != md5($password . PopedomUtils::SYSTEM_SAFE_KEY)){
		$oBlockLog = $loginLogImpl->getLoginBlockLog($oUser->getId());
		if(is_object($oBlockLog)){
			if(time() - strtotime($oBlockLog->getLoginTime()) > TIME_SPACE){
				// clear old block data
				$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
				$oBlockLog->setLoginCount(0);				
				$loginLogImpl->addLoginBlockLog($oBlockLog);				
				
				$error_message = 'The password was invalid.';
			}else{
				$loginCount = $oBlockLog->getLoginCount();
				
				if($loginCount >= LOGIN_LIMIT_COUNT){
					$error_message = $email." try to login more times with error password. System will pause this email for 1 hour.";
					//TODO skip to forget password page.
				}else{
					$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
					$loginLogImpl->addLoginBlockLog($oBlockLog);
					
					if($loginCount < 3)
						$error_message = 'The password was invalid.';	//
					else
						$error_message = $email." use error password to login $loginCount times. You has ".(LOGIN_LIMIT_COUNT - $loginCount)." times to try to login.";		//--
				}
			}
		}else{
			$error_message = 'The login password of '.$email. ' was invalid.';		//--
			
			$oBlockLog = new LoginBlockLogDomain();
			$oBlockLog->setUserId($oUser->getId());
			$oBlockLog->setLoginTime(date("Y-m-d H:i:s"));
			$oBlockLog->setLoginCount(1);
			$oBlockLog->setIp($_SERVER['REMOTE_ADDR']);
			
			$loginLogImpl->addLoginBlockLog($oBlockLog);
		}
	}else if(!$userImpl->checkUserSafe($oUser->getId())){	//--
		$error_message = $email." was not passed security authentication.";	//--
	}

	if(empty($error_message)){	//-- successfully login. write session
		/*--- session share data ---*/
		$arrUser = array();
		$arrUser['gid']		=$oUser->getGroupId();		//--> add user groupid to session
		$arrUser['uname']	=$oUser->getEmail();		//--> add login name to session
		$userId				= $oUser->getId();
		
		if(!$sessionImpl->isExisted()){
			if($sessionImpl->start($userId)){
				$ologinLog = new LoginLogDomain();
				$ologinLog->setUserId($userId);
				$ologinLog->setLoginTime(date("Y-m-d H:i:s"));
				$ologinLog->setLogoutTime(date("Y-m-d H:i:s"));
				$ologinLog->setIp($_SERVER['REMOTE_ADDR']);
				
				$loginOId = $loginLogImpl->addLoginLog($ologinLog);//----- login log
				
				$arrUser['login_id'] = $loginOId;	//--- add login ID to session				
				$sessionImpl->add($arrUser);//--- add share data to session				
				
				header("Location: ./admin.php");
			}else
				echo "<script>javascript:alert(\"Login set failure. Please try to login again after that you reduse browser's security level. Any problems, Please contact administrater.\");window.location='./login.php';</script>";
		}else{
			header("Location: ./admin.php");
		}
		exit();
	}else
		echo "<script>javascript:alert('$error_message');window.location='./login.php';</script>";
}

$smarty->assign('HOME_URL', HOME_URL);
$smarty->assign('HOME_URL_HTTP', HOME_URL);

$smarty->assign('error_message', $error_message);
$smarty->assign('oTags', $oTags);
$smarty->assign('oCatTree', $oCatTree);

$smarty->assign('email', $email);

$smarty->display('login.html');
?>
